tox.chat is distributing toxic with CVE vulnerabilities

JFreegman / toxic

A Tox-based instant messaging and video chat client

GNU General Public License v3.0

1.19k stars 152 forks source link

tox.chat is distributing toxic with CVE vulnerabilities #648

Closed emdee-is closed 1 year ago

emdee-is commented 1 year ago

tox.chat - the flag portal for tox - is distributing a version of toxic with a known CVE github.com/Jfreegman/toxic/releases/download/v0.12.0/toxic-minimal-static-musl_linux_x86-64.tar.xz

Who can update tox.chat?

JFreegman commented 1 year ago

That's the latest version of Toxic. What CVE are you referring to?

JFreegman commented 1 year ago

There is no patch for that issue although I believe someone has recently renewed work on it. Moreover this is not a client issue.